- I. Important Information and Who We Are
- II. The Information We Collect About You
- III. How We Collect Information from You
- IV. Purposes for Collecting and Processing Personal Information
- V. Disclosures of Your Personal Information
- VI. Transfers of Personal Information
- VII. Data Security
- VIII. Data Retention and Storage
- IX. Your Legal Rights
- X. Cookies and Other Tracking Technologies
- XI. Third Party Links
- XII. Children
- XIII. Contact Us
I. Important Information and Who We Are
By visiting our Site, or using any of our services, you agree that your personal information will be handled as described in this Policy. Your use of our Site or services, and any dispute over privacy, is subject to this Policy and our Terms of Service, including its applicable limitations on damages and the resolution of disputes or any service-specific terms made available to you when you sign up for the service. Our Terms of Service are incorporated by reference into this Policy.
We are a Data Processor with respect to our practices in managing your personal information. This Policy explains how we “process” personal information. “Processing” refers to how we collect, use, store, disclose and transfer your personal information. “Personal Information” means any information relating to an individual from which that person can be identified. It does not include information where the identity has been removed (anonymized information).
II. The Information We Collect About You
We process the following categories of personal information directly from you, from third parties, and automatically as you use our Site.
- Identity Information, including: first and last name, address, phone numbers, date of birth, email address, state identification number, social security number, digital photographs, video, audio and signatures.
- Remote Proctoring: We may collect Identity Information through remote proctoring. We provide a service whereby clients who may conduct examinations outside of our examination centers use our remote proctoring service. This service requires the users to log onto our Remote Proctoring platform and the user takes the exam while being monitored through their webcam, microphone and through their computer’s desktop which are all accessible to a remote examiner. We collect this information for identity verification, conducting the examination, for fraud prevention, security and integrity, and as otherwise required by law.
- Contact Information, including: email address, billing address and delivery address.
- Sensitive Information, including: age, race, ethnicity, religion, creed, sex, gender identity and expression, sexual orientation, and criminal convictions and offenses:
- Biometric Information, including fingerprint images and facial images;
- Medical Information related to exam results or examination candidates’ requests for examination accommodations.
- Financial Information, including: bank account and payment card details.
- Professional or Employment-related Licensure Information, including: license application information, license activity, license history, information relating to continuing education credits, public complaints, board actions taken against a licensee, or any public actions taken against a licensee by regulatory boards or agencies (“Licensee Updates”).
- Transaction Information, including: details about payments to and from you and other details about products and services you have purchased from us.
- Technical Information, including: internet protocol (IP) addresses, your login information, browser type and version, and operating system and platform information.
- Usage Information, including information about how you use our Sites, products and services.
- Marketing and Communications Information, including your preferences in receiving marketing information from us and our third parties and your communication preferences.
III. How We Collect Information from You
We use different methods to collect information from and about you including through:
- Direct interactions. We collect information from you when you register to take an exam, use our services, contact customer service, and otherwise contact us. This includes personal information, such as Identity Information, Contact Information, and Financial Information, that you provide to us during the provision of services.
- Automated technologies or interactions. We automatically collect the following information about your use of our Site through cookies, web beacons, and other technologies: your domain name, your browser type and operating system, web pages you view, links you click, your IP address, the length of time you visit or your use of the Site, the referring URL, and the webpage that led you to our Site. We may combine this information with other information that we have collected about you, including, where applicable, your name and other personal information. Please see our Cookies and Additional Tracking Technologies below for additional information.
- Third parties or publicly available sources. We receive personal information about you from various third parties and public sources as set out below:
- Identity Information and Contact Information from our clients. Many of our clients are corporations (“Contracting Party”) that use our services to deliver exams to their job candidates or personnel. As such, we collect and maintain the information, including personal information, examination information of such job candidates or personnel, and job applicant demographics while providing these services.
- Professional or Employment-related Licensure Information from regulatory boards, licensing agencies and clients.
- Technical Information and Transaction Information from analytics providers, such as Google.
IV. Purposes for Collecting and Processing Personal Information (How We Use Your Personal Information)
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Performance of a Contract. We collect and process personal information, including Identity Information, Contact Information, Financial Information, and Professional Information, for the purposes of the performance of a contract we are about to enter or have entered into with a client to provide exam-related services, fulfill requests for information about exam and examination opportunities, facilitate registration for exams, and provide examination services to both candidates and clients. Where permitted by law, we may send exam candidates commercial communications and offers for additional examination or training services on behalf of clients.
- Consent. We will process your personal information, only to the extent you have consented, when you have given us your specific and informed consent for us to use your personal information. For example, we may use your information, such as your email address, to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you.
- Legitimate Business Purpose. We process personal information where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This includes activities related to everyday business operations, such as invoice processing, business planning, improving the content of our Site, improving our products and services, undertaking transactional and statistical analysis and related research, and handling client service-related queries and complaints. We also may use the information that we learn about you to assist us in advertising our Services on third party websites.
- Legal Obligation. We will process your personal information when we need to comply with a legal obligation, meet our on-going regulatory and compliance obligations including in relation to recording and monitoring communications, disclosures to tax authorities, financial service regulators and other regulatory and governmental bodies, and to investigate security incidents and in preventing crime.
V. Disclosures of Your Personal Information
We do not sell your personal information to third parties for their own marketing purposes.
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except in performance of the contract.
We may disclose your personal information internally, within entities of the PSI Group, and externally, with our Contracting Parties, and other third parties as set forth below:
- Contracting Parties: With respect to our Contracting Parties, we share your information, including results of your exam, Job Demographics, and other information about you with our Contracting Parties if you have applied for a job with or are employed by such Contracting Party.
- Government and Professional Licensing Agencies: We disclose personal information, Exam Information, Licensure Updates and other information relating to licensing agencies, regulatory boards, state governments or professional associations for inclusion in their files and records. In certain States, licensees’ personal information, examination information, and Licensee Updates are considered information that is in the public domain.
- Service Providers: We share information with our suppliers, including PSI Group companies and other business partners who provide services to us.
- Law Enforcement/Public Authorities: If required from time to time, we disclose information to public authorities, regulators or governmental bodies, including when required by law or regulation, under a code of practice or conduct, when these authorities or bodies require us to do so, where necessary to facilitate an investigation of cheating, or where we believe, in our discretion, that disclosure is appropriate to protect our rights and interests or the rights and interests of third parties.
- Corporate Transactions: If we are acquired by or merged with another company, if any of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the other party.
VI. Transfers of Personal Information
We may share your personal information within the PSI Group. This will involve transferring your information outside the European Economic Area (EEA). Whenever we transfer your personal information outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring the following safeguards are implemented:
- EU-U.S. & Swiss-U.S. Privacy Shield Certification. We recognize that a number of countries have established strict protections regarding the handling of personal information, particularly the EU, Switzerland and the United Kingdom, which have requirements to provide adequate protection for such personal information transferred outside of the EU, Switzerland and the United Kingdom. We comply with the Privacy Shield frameworks, and particularly, as agreed to between the U.S. Department of Commerce, the European Commission, the Swiss Administration and the United Kingdom, respectively, regarding its collection, use, and retention of personal information from EU member countries, Switzerland and the United Kingdom. Specifically, we have certified that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement, and liability. To learn more about the Privacy Shield program, and to view our certification, please visit the Privacy Shield website at www.privacyshield.gov. As a Privacy Shield participant, we have agreed to abide by the investigatory and enforcement powers of the U.S. Federal Trade Commission or any other U.S. authorized statutory body.
VII. Data Security
We have put in place various electronic safeguards and managerial processes designed to prevent unauthorized access or disclosure, maintain data integrity, and ensure the appropriate use of personal information. We use industry best practices and guidance from sources such as the National Institute of Standards and Technology (NIST), Payment Card Industry (PCI), standards promulgated by the Center for Internet Security (CIS), and International Standards Organization (ISO), ISO/IEC 27001:2013 (Security techniques — Information security management systems — Requirements) to design and maintain our information security program. We maintain personal information, exam data, and Licensee Updates on secured computers and all clients, exam candidates, and employer accounts are password protected. Of course, no such security and safeguards are 100% effective, but we will take commercially reasonable efforts to employ security measures designed to protect such information. No personal information is knowingly disclosed to third parties except as described herein. Unfortunately, no data transmission over the Internet can be guaranteed to be completely secure. Thus, we cannot ensure or warrant the security of any information transmitted to us.
We limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
VIII. Data Retention and Storage
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information, whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other retention requirements.
In some circumstances you can ask us to delete your information. Please see the Your Legal Rights section below for further information.
In some circumstances we will anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
IX. Your Legal Rights
With certain exceptions, you have the following rights under data protection laws in relation to your personal information.
- Request access to your personal information.
- Request correction of your personal information.
- Request erasure of your personal information.
- Object to processing of your personal information.
- Request restriction of processing of your personal information.
- Request transfer of your personal information.
- Right to withdraw consent.
To exercise any of these rights, please contact the Contracting Entity or submit a request to us by emailing our Data Protection Officer at: email@example.com.
Personal Information Sales Opt-Out and Opt-In
- Opt-In. We may engage in marketing campaigns to propose products or services that may be of interest to existing or future consumers of our products or services. Where required by applicable law, we will only engage in such marketing communications if the individual has provided their consent (i.e. opted in). Additionally, we may offer you certain financial incentives that can result in different prices, rates, or quality levels. Any permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
- Opt-Out. Individuals may opt-out of the processing of their personal information by exercising their right to withdraw consent and the right to object to processing of their information. To opt-out of commercial emails, simply click the link labeled “unsubscribe” at the bottom of any email sent by us. Please note that even if you opt-out of commercial emails, we may still need to contact you with important transactional information about your account with us or a scheduled exam in order to fulfil a contractual obligation. For example, we will still send exam confirmations and reminders, information about exam center changes and closures, and information about exam results even if commercial emails have been opted-out (or not opted-in).
Privacy Rights for California Citizens
This Privacy Rights for California Citizens supplements the information contained in Policy and applies solely to all visitors, users, and others who are citizens of the State of California. We adopt this section to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this section. The CCPA provides California residents with specific rights regarding their personal information:
- Request access to your personal information and data portability. You have the right to request PSI disclose the categories and sources of personal information we collected about you over the past 12 months. Additionally, you have the right to request the business purpose for collecting or selling that personal information, the categories of third parties with whom we share that personal information, and the specific pieces of personal information we have collected about you.
- Request deletion of your personal information. You have the right to request that PSI delete any of your personal information that we collected from you, subject to certain exceptions, such as to comply with a legal obligation or to detect security incidents.
- Right to Opt-Out of the Sale of Personal Information. If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time. We do not sell the personal information of consumers we know are less than 16 years of age, unless we receive affirmative authorization from a consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Where a data subject has opted-in (either explicitly or implicitly as applicable) to a marketing communication, they may opt-out of any such communication at any time.
To exercise any of these rights, please submit a verifiable consumer request by either:
We will not discriminate against you for exercising any of the foregoing rights. You will not have to pay a fee to access your personal information or to exercise any of the other rights. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request. You may only make such a request twice within any 12-month period. Your request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information. As a security measure, we may need to request specific information from you to help us confirm your identity.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
X. Cookies and Other Tracking Technologies
Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site and services, while others are used to enable a faster log-in process or to allow us to track your activities at our Site or while using our services. There are two types of cookies: session and persistent cookies.
- Session Cookies. Session cookies exist only during an online session. They disappear from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Site. This allows us to process your online transactions and requests, and verify your identity (upon login) as you navigate through our Site.
- Persistent Cookies. Persistent cookies remain on your computer after you have closed your browser or turned off your computer. We use persistent cookies to track aggregate and statistical information about user activity, and to display advertising both on our Site and on third-party sites.
- Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies will be able to browse certain areas of the Site, but some features may not be functional.
Local Storage Objects:
We may use Flash Local Storage Objects (“Flash LSOs”) to store your Site preferences and to personalize your visit. Flash LSOs are different from browser cookies because of the amount and type of information stored. Typically, you cannot control, delete, or disable the acceptance of Flash LSOs through your web browser. For more information on Flash LSOs, or to learn how to manage your settings for Flash LSOs, go to the Adobe Flash Player Help Page, choose “Global Storage Settings Panel” and follow the instructions. To see the Flash LSOs currently on your computer, choose “Website Storage Settings Panel” and follow the instructions to review and, if you choose, to delete any specific Flash LSO.
Clear GIFs, Pixel Tags and Other Technologies
Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), relating to our Site to, among other things, track the activities of Site visitors, help us manage content, and compile statistics about Site usage. We and our third-party service providers also use clear GIFs in HTML emails to our clients, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Third Party Analytics
Do Not Track Disclosure
Our Site and services do not respond to web browser Do Not Track signals. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies). You also may opt-out of targeted advertising by following the instructions in the Third-Party Ad Networks section. For more information about Do Not Track signals, please visit www.allaboutdnt.com.
Third-Party Ad Networks
Users in the United States may opt out of many third-party ad networks. For example, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page for information about opting out of interest-based advertising and their choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative (“NAI”) Consumer Opt-Out Page for information about opting out of interest-based advertising and their choices regarding having information used by NAI members.
Opting out from one or more companies listed on the DAA Consumer Choice Page or the NAI Consumer Opt-Out Page will opt you out from those companies’ delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our Site or on other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you opt out on the DAA or NAI websites, your opt out may not be effective. Additional information is available on the DAA’s website at www.aboutads.info or the NAI’s website at www.networkadvertising.org.
XI. Third-Party Links
This Site is not designed to attract anyone under the age of 13 and children under the age of 13 are not permitted to access or use the Site. In limited circumstances and in specific markets, an educational institution may contract with us to provide examinations to candidates under the age of 13. Additional relevant information will be provided to such exam takers through the educational institution or at the time of or prior to the provision of services.
XIII. Contact Us
You may contact our Data Protection Officer through email at firstname.lastname@example.org if you have any questions or if you are not satisfied with any aspect of the processing of your Personal Data by PSI.
We reserve the right to amend or change this Policy from time to time, so please be sure to check back periodically. We will post any changes, including any material changes, to this Policy on our Site.
This document was updated on 1st January 2020. It is a notice explaining what PSI does, rather than a document that binds PSI or any other party contractually.